Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Grocery crud 1.6.4 - 'order_by' SQL Injection
Vulnerability Description
Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify database information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Grocery Crud 安全漏洞
Vulnerability Description
Grocery Crud是Grocery Crud开源的一个软件开发工具。 Grocery Crud 1.6.4版本存在安全漏洞,该漏洞源于order_by参数存在SQL注入,可能导致操纵数据库查询。
CVSS Information
N/A
Vulnerability Type
N/A